Skip to content

Password Hasher

Hash and verify passwords with Argon2id, bcrypt, and scrypt directly in your browser using WebAssembly. Configure parameters, compare computation times. Nothing leaves your device.

FreeNo SignupNo Server UploadsZero Tracking
Memory (KiB)64 MB
Iterations (time cost)3
Parallelism4

Computed with WebAssembly

All password hashing runs locally in your browser using WASM-compiled implementations. Nothing is sent to any server. The intentional slowness of these algorithms is what makes them secure against brute-force attacks.
Embed code
<iframe src="https://passforge.dev/embed/password-hasher" width="100%" height="600" frameborder="0" title="Password Hasher - passforge"></iframe>
<p style="font-size:12px;text-align:center;margin-top:4px;">
  <a href="https://passforge.dev/tools/password-hasher" target="_blank" rel="noopener">Powered by passforge</a>
</p>
Attribution preview

Powered by passforge

How to Use Password Hasher

  1. 1

    Enter a password

    Type or paste the password you want to hash into the password field.

  2. 2

    Choose an algorithm

    Select Argon2id (recommended), bcrypt, or scrypt. Adjust parameters like memory cost, iterations, and parallelism.

  3. 3

    Hash or verify

    Click Hash Password to generate a hash, or switch to Verify mode to check a password against an existing hash.

Frequently Asked Questions

Argon2id is recommended for new applications — it won the Password Hashing Competition and resists both GPU and side-channel attacks. bcrypt is a solid choice for legacy compatibility. scrypt is good when memory-hardness is a priority.

No. All hashing is performed locally using WebAssembly. No data is sent to any server.

Password hashing algorithms are intentionally slow. This makes brute-force attacks impractical — if each guess takes 100ms, an attacker can only try 10 passwords per second per core instead of billions.

The encoded format (e.g., $argon2id$v=19$m=65536,t=3,p=4$...) includes the algorithm, parameters, salt, and hash in a single string. This is the standard format for storing password hashes.

Yes. Switch to Verify mode, paste the hash string, enter the password, and click Verify. Supports Argon2 and bcrypt encoded formats.

OWASP recommends at least 19 MiB memory, 2 iterations, and 1 degree of parallelism. The defaults in this tool (64 MB, 3 iterations, 4 parallelism) exceed these minimums for stronger security.